Privacy Policy | GitaQuest

1. Introduction

GitaQuest ("we," "us," "our", or "the Service") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and service.

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

When you sign in with Google OAuth:

Name and email address
Profile photo/avatar
Age (provided during onboarding)
Learning goal (provided during onboarding)
Display name (editable)

2.2 Information Automatically Collected

Quiz progress, scores, and answers
Daily challenge completion status
Streak data (current and longest)
Lotus petal balance and reward history
Quiz sessions and activity timestamps
Preferences (dark mode, sound, submit mode, leaderboard opt-in)
IP address and browser/device information (via standard web logs)
Session cookies (Firebase authentication)

2.3 AI Content Generation

We use third-party AI providers (OpenAI, Google Gemini, or Anthropic Claude) to generate quiz questions. These providers receive only quiz generation parameters (chapter, tier, question type, difficulty) and do not receive any of your personal information.

3. How We Use Your Information

Track your learning progress through quiz tiers
Maintain streak data and send reminders
Award lotus petals and track rewards
Display your position on leaderboard (only if you opt in)
Send transactional emails (welcome, streak reminders)
Improve quiz content and user experience
Debug errors and monitor service performance
Prevent fraud and maintain service security

4. Data Storage & Security

Your data is stored securely in Google Firebase Firestore with encryption in transit and at rest. We do not sell, share, or transfer your personal data to third parties (except as necessary to operate the service, e.g., email provider).

Data Retention: Your data is retained as long as your account exists. Upon account deletion, all quiz results, rewards, sessions, and personal information are permanently deleted within 30 days.

5. Your GDPR Rights (EU Users)

If you are in the European Union, you have the following rights under GDPR:

Right to Access: Request all your personal data we hold
Right to Rectification: Correct inaccurate or incomplete data (edit profile)
Right to Erasure: Request deletion of your account and all data
Right to Restrict Processing: Limit how we use your data
Right to Data Portability: Receive your data in a portable format
Right to Object: Object to specific data processing
Right to Withdraw Consent: Withdraw consent to processing at any time

To exercise any of these rights, contact us (see Section 10).

6. Cookies & Tracking

We use Firebase authentication cookies to maintain your login session. We do not use:

Tracking cookies or pixels
Third-party advertising cookies
Analytics cookies that identify you personally

You can manage cookies through your browser settings. Disabling authentication cookies will log you out.

7. Third-Party Services

GitaQuest integrates with:

Google OAuth: For authentication (see Google Privacy Policy)
Firebase/Google Cloud: For data storage and processing (see Google Cloud Privacy Notice)
Zeptomail: For transactional emails (see Zoho Privacy Policy)
AI Providers: OpenAI, Google Gemini, or Anthropic (for question generation only)

We are not responsible for the privacy practices of these services. Please review their privacy policies.

8. Children's Privacy

GitaQuest is designed for ages 5+. If you are under 13, your parent or guardian must consent to this Privacy Policy. We do not knowingly collect personal information from children under 13 without parental consent.

9. Updates to This Policy

We may update this Privacy Policy at any time. The "Last updated" date reflects the most recent revision. Continued use of the Service constitutes acceptance of updated terms.

10. Contact Us

For privacy questions, data access requests, or to exercise your GDPR rights:

Email: privacy@gitaquest.com
GitHub: GitaQuest Repository

We will respond to all privacy requests within 30 days.

REVIEW NOTICE: This is a template. Before production, have this reviewed by legal counsel familiar with your jurisdiction (especially GDPR for EU users).